From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Tue, 31 Mar 2020 10:56:03 +0200 (CEST) References: <5602805.1319309.1585599459612.ref@mail.yahoo.com> <5602805.1319309.1585599459612@mail.yahoo.com> From: Ondrej Kozina Message-ID: <8e692b82-04cc-693c-08e7-cb6524916c23@redhat.com> Date: Tue, 31 Mar 2020 10:49:41 +0200 MIME-Version: 1.0 In-Reply-To: <5602805.1319309.1585599459612@mail.yahoo.com> Content-Language: en-US Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Subject: Re: [dm-crypt] unbound keys List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Dm-crypt Cc: =?UTF-8?B?SlQgTW9yw6ll?= Hi, On 3/30/20 10:17 PM, JT Mor=C3=A9e wrote: > After reading the luks2 FAQ, spec and archives I don't understand what an= unbound key is used for. That's our never ending struggle to improve documentation and blog posts=20 coverage. Hope things get calmer after 2.4.0 release so that we can=20 focus on this effort. >=20 > Assuming the unbound key is created from encrypting the given file with t= he other file specified by --master-key-file: how would I use it?=C2=A0 Can= it be extracted so that I can decrypt it later?=C2=A0 Do I need to write C= code to extract the data as-is it or will cryptsetup already do it?=C2=A0= =C2=A0 If not and I'm going to write C then should it be integrated as a ne= w command in cryptsetup? The principle of unbound keys is quite simple. In general 'unbound key'=20 or 'unbound luks2 keyslot' contains secret stored in LUKS2 keyslot _not_=20 currently bound to (associated with) any data segment (crypt segment) in=20 LUKS2 'Segments' section. So it's independent 'key' stored in luks2 keyslot and it cannot be used=20 to unlock LUKS2 data device (yet). What we use it for currently: 1) LUKS2 reencryption. Future/new volume key in stored in unbound=20 keyslot and it became regular LUKS2 keyslot later when it's used to=20 actually decrypt/encrypt some crypt segment. 2) Somehow similar use case as 1) is used with wrapped key scheme (used=20 with e.g. paes cipher). The VK stored in keyslot is in fact binary blob=20 (encrypted again). The KEK for that binary blob may be refreshed (KEK in=20 this case is not managed by cryptsetup!) and binary blob gets changed.=20 For the KEK refresh process 'unbound keyslot' is used. First you store=20 future effective VK in unbound keyslot and later it gets enforced to=20 become new real VK (bound to current dm-crypt segment). >=20 > Since the unbound feature does the encryption: is it compatible with a sm= art card (PGP/GPG)? >=20 > =C2=A0 sudo cryptsetup luksAddKey --unbound --master-key-file ../lukstes= t/publickey.pem /dev/sdb --key-size 512 ../lukstest/privatekey No, that's not how unbound keys work. With this command in particular=20 you'd add new unbound keyslot where content would be first 64 bytes of=20 publickey.pem file. Passphrase for that unbound keyslot would be=20 privatekey file content. But interesting idea and perhaps it could be done later with new tokens=20 loadable plugins (2.4.0 release). Regards O.